Skip to content

Commit

Permalink
fix: use correct grant lifespan to issue tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
nsklikas committed Sep 26, 2024
1 parent 8ac652b commit 6eefc96
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 3 deletions.
4 changes: 4 additions & 0 deletions handler/oauth2/flow_authorize_code_token.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,10 @@ func (v AuthorizeExplicitGrantAccessRequestValidator) ValidateGrantTypes(request
return nil
}

func (v AuthorizeExplicitGrantAccessRequestValidator) GetGrantType(requester fosite.AccessRequester) fosite.GrantType {
return fosite.GrantTypeAuthorizationCode
}

func (v AuthorizeExplicitGrantAccessRequestValidator) ValidateRedirectURI(accessRequester fosite.AccessRequester, authorizeRequester fosite.Requester) error {
forcedRedirectURI := authorizeRequester.GetRequestForm().Get("redirect_uri")
requestedRedirectURI := accessRequester.GetRequestForm().Get("redirect_uri")
Expand Down
9 changes: 6 additions & 3 deletions handler/oauth2/flow_generic_code_token.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ type AccessRequestValidator interface {

// ValidateRedirectURI validates the redirect uri in the access request.
ValidateRedirectURI(accessRequester fosite.AccessRequester, authorizeRequester fosite.Requester) error

// GetGrantType retrieves the grant type from the request.
GetGrantType(requester fosite.AccessRequester) fosite.GrantType
}

// CodeHandler handles authorization/device code related operations.
Expand Down Expand Up @@ -138,7 +141,7 @@ func (c *GenericCodeTokenEndpointHandler) PopulateTokenEndpointResponse(ctx cont
}
}

lifeSpan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
lifeSpan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
responder.SetAccessToken(accessToken)
responder.SetTokenType("bearer")
responder.SetExpiresIn(getExpiresIn(requester, fosite.AccessToken, lifeSpan, time.Now().UTC()))
Expand Down Expand Up @@ -209,10 +212,10 @@ func (c *GenericCodeTokenEndpointHandler) HandleTokenEndpointRequest(ctx context
requester.SetSession(ar.GetSession())
requester.SetID(ar.GetID())

atLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
atLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
requester.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().UTC().Add(atLifespan).Round(time.Second))

rtLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.RefreshToken, c.Config.GetRefreshTokenLifespan(ctx))
rtLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.RefreshToken, c.Config.GetRefreshTokenLifespan(ctx))
if rtLifespan > -1 {
requester.GetSession().SetExpiresAt(fosite.RefreshToken, time.Now().UTC().Add(rtLifespan).Round(time.Second))
}
Expand Down
4 changes: 4 additions & 0 deletions handler/rfc8628/token_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,10 @@ func (v DeviceAccessRequestValidator) ValidateRedirectURI(accessRequester fosite
return nil
}

func (v DeviceAccessRequestValidator) GetGrantType(requester fosite.AccessRequester) fosite.GrantType {
return fosite.GrantTypeDeviceCode
}

type DeviceCodeTokenEndpointHandler struct {
oauth2.GenericCodeTokenEndpointHandler
}
Expand Down

0 comments on commit 6eefc96

Please sign in to comment.